An overview of ISO 37001:2016 certification and its benefits

[div class=”box1 mt15 cms_area”]

The business world today sees stricter global trade practices, freezing of accounts, penalties and trade sanctions. These are imposed by the U.S. Foreign Corrupt Practices Act (FCPA), U.K. Anti-Bribery Act, the French Sapin II Law and other global laws. In view of this, organizations have now taken a serious stance towards ethical business practices.

In the Middle East, issues like anti-bribery, anti-corruption, counter-terrorist financing (CTF), and anti-money laundering (AML) have been widely discussed in government, regulation institutions, board rooms of private enterprises, and public forums.

To protect the integrity of financial markets, governments and regulators in GCC nations have taken stricter measures towards enforcing compliance. Stringent action and penalties against financial institutions for non-compliance, can impact profitability and even lead to business losses.

Hence, no organization must risk getting implicated for bribery. All stakeholders—shareholders, Board members, partners, customers–need to be assured that the management has made concerted efforts to check corruption at all levels within the organization. This can be achieved by implementing the ISO 37001 standard and certification.

What is the ISO 37001:2016 standard?

Bribery is a major challenge among the various corruption and unethical practices. According to OECD Anti-Corruption and Integrity Hub, over US$1 trillion is paid in bribes each year. The economic loss from corruption is much higher than that number. Bribery can have a direct impact on quality of business processes and it diminishes trust, with offenders losing credibility, customers and business opportunities.

ISO 37001:2016 certifies anti-bribery management systems and establishes a standard to help organizations fight against corruption and unethical business practices. It also establishes a culture of integrity, transparency and compliance.

According to the International Standards Organization, ISO 37001:2016 specifies requirements and provides guidance for establishing, implementing, maintaining, reviewing and improving an anti-bribery management system. The system can be standalone or can be integrated into an overall management system.

The standard was developed by the ISO technical committee ISO/TC 309, chaired by lawyer Neill Stansbury, and published for the first time on October 15, 2016, hence its label ISO 37001:2016.

This is not a standalone standard and an organization can also implement the anti-bribery management system in conjunction with, or as part of other systems, such as those relating to quality, environment and safety.

What ISO 37001:2016 is and isn’t

There have been a lot of misconceptions and false expectations about the ISO 37001:2016 standard. The standard itself is only applicable to bribery, but the scope of the management system can be extended to address other activities such as fraud, cartels, anti-money laundering (AML), and other anti-competitive practices.

ISO 37001:2016 is a blueprint that defines requirements and offers guidance for a management system that can help organizations mitigate the risk of bribery, by detecting and responding to bribery, in accordance with anti-bribery laws.

Global benefits for certified companies

Many large organizations globally are now requiring, as part of their due diligence process, suppliers to be certified for this standard to qualify for the tendering process. Certification for this standard helps companies improve their image of trust and confidence for various reasons. While certification is not mandatory today, many jurisdictions are in the process of making it a mandatory requirement for trade.

Certification is a structured approach to compliance. An ISO 37001:2016 certified organization will have better credibility and more opportunities for doing business with local and global organizations.

Here are some benefits that an ISO 37001 certified company can accrue:

Leniency in the event of violations

Companies that report bribery and then cooperate in the investigations may be incentivized. Though jurisdictions are yet to accept ISO 37001:2016 certification as actual evidence, the certification proves that a compliance program was in place at the time of the alleged illegal actions, thereby strengthening its case.

Legal defence

The U.K. Bribery Act has a provision that specifies a company can defend itself against alleged violations if it can prove that it “had in place adequate procedures designed to prevent persons associated with [the company] from undertaking such conduct.”

Although, it remains uncertain whether prosecutors will accept ISO 37001:2016 certification as evidence that adequate procedures were in place. However, the certification will provide the company with tangible and prima-facie evidence from a third-party auditor or certification body attesting to an effective compliance and ethics program.

Demonstration of ethics

Certification sends out a strong message to a company’s vendors, customers, shareholders, business associates, partners and the market/industry; the message being that the company has an effective compliance and ethics program to prevent bribery. This will have a positive effect on the company’s operations.

An ISO 37001:2016 certified company will have a competitive advantage and project the company as a responsible one, thereby increasing investor and customer confidence and trust.

Avoid reputational damage

A company that implements an anti-bribery management system based on ISO 37001:2016 will avoid reputational damage, a consequence of being involved in bribery. Reputation is crucial for the sustainability of a company.

A damaged reputation can drastically impact the share price and market share of an organisation. An anti-bribery management system can mitigate bribery and protect its reputation.

Save costs

Organizations that implement an anti-bribery management system will save money by not paying bribes and avoiding costly legal procedures, if accused of bribery.

Integration with exiting management systems

The ISO 37001:2016 standard can easily be integrated into existing management systems since it follows the same structure as ISO 9001, ISO 14001 and ISO 45001.

Combating bribery in the Middle East

The Transparency International Corruption Perceptions Index shows that the Middle East region lags behind some global regions when it comes to bribery and corruption. While some countries in the Middle East, like United Arab Emirates, Saudi Arabia and Bahrain have taken adequate measures to succeed in their fight against corruption, other nations like Syria, Yemen, and Libya are at the bottom of the list. Although countries like Morocco and Egypt have shown some improvement.

There have been a few cases of corruption and bribery reported in the Middle East region but which have been effectively handled by the local governments and the affected organizations.

While the Middle East region is not unique in its approach to tackling corruption and bribery, governments and businesses operating out here have started to take a serious stance against bribery and are increasingly looking at ISO 37001:2016 certification to help them operate within necessary compliance and mitigate any risks.

The certification process

So, what does the certification process involve and how long does it take to achieve certification?

When a certification audit takes place, third-party auditors visit the company and study processes and the management system, seeking areas for improvement. The auditors make recommendations to increase the effectiveness of the company’s anti-bribery management system.

Regarding the time-frame, it really depends on the size of the organization and the complexity of the processes. Once the audit is completed, the organization receives a certificate with a validity of three years. Once certified, they can promote and use the verified certification logos as part of their corporate communications.

In addition, surveillance audits need to take place in yearly intervals, if the organization wants to maintain its certified status.


Strong business ethics and anti-corruption practices backed by strict laws and regulations can improve trade. Some Middle East nations like the UAE have taken positive steps and made major advances towards rooting out corruption.

But for complete transparency and a bribery-free business environment, governments need to step in, regulate and make certifications like ISO 37001:2016 mandatory for all relevant organizations that are involved in international trade. This will present positive and healthy economic growth and protect the integrity of financial markets.

The ISO 37001:2016 anti-bribery management system can help organisations address bribery and corruption through implementing best practices in a program of training and certification.

Bribery and corruption are universal challenges that won’t go away anytime soon. That requires a unified effort by all stakeholders in the region.

ISO 37001:2016 is the right step in that direction. It provides a blueprint for making those changes. Committing to it is the first step toward making real progress in the Middle East.